Shortcuts

AppPool Identity and ASP.NET Impersonation Identity

My web application is hosted on IIS7.5. There are some .exe 's with which the web application interacts. I get an access denied error while accessing the .exe. This web application runs under an
Application Pool created in Integrated mode which uses my credentials as its
Identity (I am an administrator on the system). When I enable ASP.NET impersonation feature on the IIS for my web application, this access denied problem is eliminated. But, I feel this is a work around rather than a solution to the inherent problem.
My assumption is that when the Application Pool runs under my Identity, then why should there be a need to enable Impersonation on the same Identity again. The IIS worker processes must be already using the Application Pool's Identity anyway. I'm not well
acquainted with IIS.

Re: AppPool Identity and ASP.NET Impersonation Identity

Thanks for that link on Impersonation. But that doesn't solve the problem. I do not want to compare Impersonation Identity and AppPool Identity. My aim is to find the right way to fix my problem and I believe this forum is the right place to get it. But
still, if you could point me to some comparisons, it would be a step in the right direction.

Re: AppPool Identity and ASP.NET Impersonation Identity

kshitij.verma

hich uses my credentials as its Identity (I am an administrator on the system).

When you create an appliation pool, you may need to set the application pool identity. There are two types of application pool identity Build-in account and custom account. As you description above, I guess you used the custom account and set the local administrator
account for it. To validate this you can copy these source code below to determine what identity is used.

System.Security.Principal.WindowsIdentity.GetCurrent().Name

If the the source code above retrieve the name is "yourcomputename\administrator", surely your application pool identity is the administrator account and there should be no permission problem for accessing .exe file.

You said you are an administrator on the system, but if you didn't set the custom account with administrator accoun as I guessed before, you there should be permission problem. At this case, you can enable the ASP.NET Impersonation.

Anyway, I suggest you to utilize the souce code below to determine what identity has been used, if disable the asp.net impersonation, the identity should be your application pool identity, instead, the identity should be default loged on windows account.

Re: AppPool Identity and ASP.NET Impersonation Identity

I am getting the output of GetCurrent().Name as "domain\MyUserName". Also, the same user is the logged in user and an administrator.

mamba dai - msft

Anyway, I suggest you to utilize the souce code below to determine what identity has been used, if disable the asp.net impersonation, the identity should be your application pool identity, instead, the identity should be default loged on windows account.

Re: AppPool Identity and ASP.NET Impersonation Identity

Okay. Thanks for that answer. Now, my website uses an AppPool created in Integrated mode which uses an Administrator account as its Identity. Then, I get following error. System.Runtime.Remoting.RemotingException: Failed to connect to an IPC Port: Access
is denied.

Re: AppPool Identity and ASP.NET Impersonation Identity

kshitij.verma

System.Runtime.Remoting.RemotingException: Failed to connect to an IPC Port: Access is denied.

Seem you were connecting remote server, the admin account may be your application pool identity on you web server, not remote server. You need to check whether this admin account has access permission to remote server. Or maybe you need to check whether
firewall block the connection.

Please mark the replies as answers if they help or unmark if not.
Feedback to us

Re: AppPool Identity and ASP.NET Impersonation Identity

Thanks! The IIS and exe's are on the same computer. I checked the Event Viewer and IIS logs but could not find anything related to access denied there. Please tell me where exactly to check for the firewall block / log.